Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-11-2024 23:37
General
-
Target
4fcca8a0545d186f460ac10886c46cd42fbef9e343d9e9d997c13820bccc7a87.exe
-
Size
453KB
-
MD5
afefe191cfec1baabd209d2703abb81a
-
SHA1
5858b3c6b969b349839f60e270d866c8b22d53f9
-
SHA256
4fcca8a0545d186f460ac10886c46cd42fbef9e343d9e9d997c13820bccc7a87
-
SHA512
7dd47d17caa2f9d66150b49d02fddd182bb71207c5b9dbc08d7372b02dd26de526430aefd61555d45a6f526e9f96c4a58e4554b9fdaac83ad41bb65f979a7424
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeH:q7Tc2NYHUrAwfMp3CDH
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 49 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4fcca8a0545d186f460ac10886c46cd42fbef9e343d9e9d997c13820bccc7a87.exe"C:\Users\Admin\AppData\Local\Temp\4fcca8a0545d186f460ac10886c46cd42fbef9e343d9e9d997c13820bccc7a87.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjp.exec:\jjjjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxxrx.exec:\9rxxxrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjd.exec:\9vvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlff.exec:\xxfxlff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnh.exec:\hnnbnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlxx.exec:\xxxrlxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhth.exec:\hhnhth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthtb.exec:\hbthtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfllfr.exec:\9xfllfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxxlf.exec:\rrlxxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjv.exec:\pvvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrlxr.exec:\lxfrlxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttht.exec:\ntttht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbht.exec:\bbnbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthn.exec:\bhbthn.exe17⤵
- Executes dropped EXE
-
\??\c:\hhtbbn.exec:\hhtbbn.exe18⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe19⤵
- Executes dropped EXE
-
\??\c:\htthtb.exec:\htthtb.exe20⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\bbthhn.exec:\bbthhn.exe22⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe23⤵
- Executes dropped EXE
-
\??\c:\3hhnth.exec:\3hhnth.exe24⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe25⤵
- Executes dropped EXE
-
\??\c:\fllrflr.exec:\fllrflr.exe26⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe27⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bttbnn.exec:\bttbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\5nhnhn.exec:\5nhnhn.exe32⤵
- Executes dropped EXE
-
\??\c:\1flxxrr.exec:\1flxxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbthn.exec:\bbbthn.exe34⤵
- Executes dropped EXE
-
\??\c:\xxxllrf.exec:\xxxllrf.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\9tthth.exec:\9tthth.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xfllfxr.exec:\xfllfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\9fxlrxr.exec:\9fxlrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\7htbbb.exec:\7htbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\lrlrflf.exec:\lrlrflf.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe50⤵
- Executes dropped EXE
-
\??\c:\lrxllll.exec:\lrxllll.exe51⤵
- Executes dropped EXE
-
\??\c:\hhtnbn.exec:\hhtnbn.exe52⤵
- Executes dropped EXE
-
\??\c:\3djjv.exec:\3djjv.exe53⤵
- Executes dropped EXE
-
\??\c:\rffrlxl.exec:\rffrlxl.exe54⤵
- Executes dropped EXE
-
\??\c:\tththt.exec:\tththt.exe55⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe56⤵
- Executes dropped EXE
-
\??\c:\xfflxfx.exec:\xfflxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlflrfx.exec:\rlflrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\thhtht.exec:\thhtht.exe59⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe60⤵
- Executes dropped EXE
-
\??\c:\9rlrxlf.exec:\9rlrxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnhbt.exec:\nbnhbt.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\btthtb.exec:\btthtb.exe63⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\fflrlxl.exec:\fflrlxl.exe65⤵
- Executes dropped EXE
-
\??\c:\nntbhn.exec:\nntbhn.exe66⤵
-
\??\c:\5ppvv.exec:\5ppvv.exe67⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe68⤵
-
\??\c:\lllfxll.exec:\lllfxll.exe69⤵
-
\??\c:\ntthhb.exec:\ntthhb.exe70⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe71⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe72⤵
-
\??\c:\rrxlflf.exec:\rrxlflf.exe73⤵
-
\??\c:\hhnbbn.exec:\hhnbbn.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppdvv.exec:\ppdvv.exe75⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe76⤵
-
\??\c:\hnthth.exec:\hnthth.exe77⤵
-
\??\c:\btthht.exec:\btthht.exe78⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe79⤵
-
\??\c:\3xrfrxf.exec:\3xrfrxf.exe80⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe81⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe82⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe83⤵
-
\??\c:\rrrfxfl.exec:\rrrfxfl.exe84⤵
-
\??\c:\9nbtbn.exec:\9nbtbn.exe85⤵
-
\??\c:\hnhnht.exec:\hnhnht.exe86⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe87⤵
-
\??\c:\lrrrflx.exec:\lrrrflx.exe88⤵
-
\??\c:\7nbnbn.exec:\7nbnbn.exe89⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe90⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe91⤵
-
\??\c:\7lrffrl.exec:\7lrffrl.exe92⤵
-
\??\c:\rlxlrxr.exec:\rlxlrxr.exe93⤵
-
\??\c:\3btthb.exec:\3btthb.exe94⤵
-
\??\c:\1dpjp.exec:\1dpjp.exe95⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe96⤵
-
\??\c:\3xxfllf.exec:\3xxfllf.exe97⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe98⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe99⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe100⤵
-
\??\c:\lllrlxr.exec:\lllrlxr.exe101⤵
-
\??\c:\bhtbnn.exec:\bhtbnn.exe102⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe103⤵
-
\??\c:\ffrffrf.exec:\ffrffrf.exe104⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe105⤵
-
\??\c:\5nbhtb.exec:\5nbhtb.exe106⤵
-
\??\c:\5ffflrf.exec:\5ffflrf.exe107⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe108⤵
-
\??\c:\9jdjd.exec:\9jdjd.exe109⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe110⤵
-
\??\c:\3fffllx.exec:\3fffllx.exe111⤵
-
\??\c:\7hbhbn.exec:\7hbhbn.exe112⤵
-
\??\c:\7pdjv.exec:\7pdjv.exe113⤵
-
\??\c:\dddvp.exec:\dddvp.exe114⤵
-
\??\c:\xxxflxf.exec:\xxxflxf.exe115⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe116⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe117⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe118⤵
-
\??\c:\xxrxrrf.exec:\xxrxrrf.exe119⤵
-
\??\c:\5nbbnn.exec:\5nbbnn.exe120⤵
-
\??\c:\btntnt.exec:\btntnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-